Using SSL

Turning on SSL was a little more time consuming than I thought it would be – largely because of my naivete.  Here are some of the things I had to do to make it work.

  1. For Paperclip – for images from S3, I had to change the parameters in has_attached_file to include ‘:s3_permissions => :private’.  This will give the S3 images an https in the url
  2. For the Recaptcha gem, add :ssl => true as an option to recaptcha_tags, like so: <%= recaptcha_tags(:ssl => true) %>
  3. I had to change all external libraries I referenced for CSS or JS to https (in the url) or download a local copy and reference the local copy
  4. In each controller with a view that needed to be secured, add force_ssl :only => :new, or force_ssl :only => [:new, :edit] for multiple actions

When you run into issues, maybe these tips will help:

  • If you’re using Chrome, it will mark all pages insecure once you hit one that claims https but has some insecure elements (so you may see a page that is secure, but it says insecure).  If you find this, pop open a new tab and paste in the url in doubt
  • Seek and destroy all elements that show in your source that are http instead of https, except links
  • When a browser asks if you want to display insecure items, try saying no and check whether anything is missing (in the case of it being javascript, you may not notice anything visually)
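
To make the "seek and destroy" tip repeatable, here is an added example (not part of the original post) that scans a page's HTML for elements still fetched over http:// and skips ordinary links. It uses only the Ruby standard library; the FETCHING_ATTRS table, the function names and the sample page with its hostnames are assumptions constructed for illustration.

```ruby
# Added example (not from the original post): list subresources still loaded over http://.
# Tag => attributes that make the browser fetch something. <a href> is deliberately
# absent, since plain links do not cause mixed-content warnings.
FETCHING_ATTRS = {
  'script' => %w[src], 'img' => %w[src], 'iframe' => %w[src], 'embed' => %w[src],
  'audio' => %w[src], 'source' => %w[src], 'video' => %w[src poster],
  'object' => %w[data], 'link' => %w[href]
}.freeze

# Parse name="value", name='value' and name=value pairs from the inside of a tag.
def attrs_of(tag_body)
  tag_body.scan(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/)
          .to_h { |name, dq, sq, bare| [name.downcase, dq || sq || bare] }
end

# Regex scan, good enough for an audit pass; assumes no '>' inside attribute values.
def insecure_subresources(html)
  findings = []
  html.gsub(/<!--.*?-->/m, '').scan(/<([a-zA-Z][\w-]*)\b([^>]*)>/) do |tag, body|
    tag = tag.downcase
    wanted = FETCHING_ATTRS[tag]
    next unless wanted
    attrs = attrs_of(body)
    # <link rel="canonical"> and similar are references, not fetched resources.
    next if tag == 'link' && attrs['rel'].to_s !~ /stylesheet|icon|preload/i
    wanted.each do |name|
      url = attrs[name].to_s.strip
      findings << { tag: tag, attr: name, url: url } if url.match?(%r{\Ahttp://}i)
    end
  end
  findings
end

# Constructed sample page; the hostnames are placeholders.
SAMPLE_HTML = <<~HTML
  <html><head>
    <link rel="stylesheet" href="http://cdn.example.com/site.css">
    <link rel="canonical" href="http://www.example.com/signup">
    <script src="https://cdn.example.com/app.js"></script>
    <script src='http://cdn.example.com/widget.js'></script>
  </head><body>
    <a href="http://www.example.com/about">About</a>
    <img src="//cdn.example.com/logo.png">
    <img SRC=http://cdn.example.com/banner.png>
    <!-- <img src="http://cdn.example.com/old.png"> -->
  </body></html>
HTML

if __FILE__ == $PROGRAM_NAME
  insecure_subresources(SAMPLE_HTML).each { |f| puts "<#{f[:tag]} #{f[:attr]}> #{f[:url]}" }
end
```

Run it against the rendered page source rather than a single template, since layouts and helpers can emit http:// URLs that a template file does not show.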